The following subsections are examples of using the adapter's issuance criteria to restrict authorizing users to accessing protected resources.

Restrict users based on device ownership

  1. From the PingFederate home screen, navigate to your configured MobileIron adapter.
  2. Select Adapter Contract Mapping, then Configure Adapter Contract to access the adapter's attribute mapping summary screen and Navigate to the Issuance Criteria subheader.
  3. For Source select adapter
  4. For Attribute Name select Ownership
  5. For Condition select not equal to
  6. MobileIron's device API returns one of three values for ownership:
    • COMPANY for Corporate owned devices
    • EMPLOYEE for Employee owned devices
    • UNKNOWN

    Select which type device ownership complies with your business practices and click Add, Done twice, then Save.

Restrict users based on device operating system

  1. From the PingFederate home screen, navigate to your configured MobileIron adapter.
  2. Select Adapter Contract Mapping then Configure Adapter Contract to access the adapter's attribute mapping summary screen. Navigate to the Issuance Criteria subheader.
  3. For Source select adapter
  4. For Attribute Name select os
  5. For Condition select not equal to
  6. MobileIron's device API returns different values for device operating systems.
    • IOS
    • ANDROID
    Select which device operating systems complies with your business practices and click Add, Done twice, then Save.